ISO/IEC JTC1/SC22/WG14 N582

Proposal UK013a - Ensure size_t and ptrdiff_t are always valid
==============================================================

NOTE - This proposal is an alternative to UK014a. BSI prefer this
alternative, but are submitting both.

Summary
-------

This proposal modifies the rules for declarations so that size_t and
ptrdiff_t values cannot overflow when generated in a strictly conforming
manner.

Conformance
-----------

A C89 conforming program will be affected by this proposal, and cause a
diagnostic to be generated, if it declares an overly large object.

A strictly conforming program could be affected on a perverse
implementation (for example, one that makes size_t be unsigned char).

Discussion
----------

A C89 implementation can currently make the type size_t so small that it
cannot hold all the values that can be generated by the sizeof operator,
and similarly the type ptrdiff_t so small that it cannot hold the number
of elements of a declared array. This proposal eliminates these cases by
requiring a diagnostic when overly large objects are declared.

Detailed proposal
-----------------

Add to the Constraints of subclause 6.5:

    A declaration shall not specify an object whose size (in bytes) is
    greater than the maximum value of an object of type size_t.

Replace the Constraint of subclause 6.5.4.2 with:

    The expression delimited by [ and ] (which specifies the size of an
    array) shall be an integral constant expression that has a value
    greater than zero and less than or equal to the minimum of the
    absolute values of the minimum and maximum values of an object of
    type ptrdiff_t.

Add Rationale material:

    In both cases, though these are expressed as a constraint on the
    declaration, they can be handled by making suitable choices for
    size_t and ptrdiff_t in the implementation, such that these
    situations never happen; for example, choosing a type whose range is
    greater than the largest possible object.
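The two constraints above are stated on declarations, but the same bounds matter at run time whenever a program computes an object size itself (a count of elements times an element size) and later takes the difference of two pointers into that object. The following is an added example, not text from the proposal or from WG14; the helper names array_size_fits, elem_count_fits_ptrdiff and demo_total are hypothetical. It checks a requested size against the 6.5 bound (the product must be representable in size_t) and a requested element count against the 6.5.4.2 bound (the minimum of |PTRDIFF_MIN| and PTRDIFF_MAX), and shows the compile-time form of the same check for a concrete declaration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not part of WG14 N582. All helper names are hypothetical. */

/* 6.5 bound: an object of `count` elements of `elem_size` bytes must have a
 * size representable in size_t. Uses a division check so that the
 * multiplication itself cannot wrap. On success the total is stored in
 * *total_out (when non-NULL). */
bool array_size_fits(size_t count, size_t elem_size, size_t *total_out)
{
    if (count == 0 || elem_size == 0) {
        if (total_out) *total_out = 0;
        return true;
    }
    if (count > SIZE_MAX / elem_size)
        return false;                  /* count * elem_size would overflow */
    if (total_out) *total_out = count * elem_size;
    return true;
}

/* 6.5.4.2 bound: the element count must not exceed
 * min(|PTRDIFF_MIN|, PTRDIFF_MAX), so that (p_end - p_begin) for any two
 * pointers into the array is representable in ptrdiff_t. */
bool elem_count_fits_ptrdiff(size_t count)
{
    /* -(PTRDIFF_MIN + 1) is representable even on two's complement, where
     * -PTRDIFF_MIN itself would overflow; add the 1 back in unsigned. */
    uintmax_t abs_min = (uintmax_t)(-(PTRDIFF_MIN + 1)) + 1u;
    uintmax_t abs_max = (uintmax_t)PTRDIFF_MAX;
    uintmax_t bound = abs_min < abs_max ? abs_min : abs_max;
    return (uintmax_t)count <= bound;
}

/* Compile-time form of the 6.5.4.2 check for a concrete declaration: a
 * conforming compiler rejects the translation unit if the array has more
 * elements than ptrdiff_t can count. */
static char demo_buf[4096];                       /* constructed sample object */
_Static_assert(sizeof demo_buf / sizeof demo_buf[0] <= (size_t)PTRDIFF_MAX,
               "element count exceeds ptrdiff_t");

/* Convenience wrapper returning the byte total for a fitting request,
 * or 0 when the request does not fit. */
size_t demo_total(size_t count, size_t elem_size)
{
    size_t total = 0;
    return array_size_fits(count, elem_size, &total) ? total : 0;
}

int main(void)
{
    printf("1000 x 8 bytes fits in size_t: %s (total %zu)\n",
           array_size_fits(1000, 8, NULL) ? "yes" : "no", demo_total(1000, 8));
    printf("SIZE_MAX x 2 bytes fits in size_t: %s\n",
           array_size_fits(SIZE_MAX, 2, NULL) ? "yes" : "no");
    printf("PTRDIFF_MAX elements fits ptrdiff_t: %s\n",
           elem_count_fits_ptrdiff((size_t)PTRDIFF_MAX) ? "yes" : "no");
    return 0;
}
```

The division-based overflow check is the part worth copying: computing `count * elem_size` first and comparing afterwards tests a value that has already wrapped, which is exactly the situation the proposal's size_t constraint is meant to rule out for declared objects.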